contrib.dlint.dlint-equivalent.insecure-itsdangerous-use

Author: returntocorp
Downloads: 221

The Python third-party 'itsdangerous' module used with 'none' signing algorithm


Definition

rules:
  - id: insecure-itsdangerous-use
    message: The Python third-party 'itsdangerous' module used with 'none' signing algorithm
    languages:
      - python
    severity: WARNING
    metadata:
      source_rule_url: https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO137.md
      category: security
      technology:
        - itsdangerous
      references:
        - https://github.com/dlint-py/dlint/blob/master/docs/linters/DUO137.md
      owasp:
        - A06:2017 - Security Misconfiguration
        - A05:2021 - Security Misconfiguration
      cwe:
        - "CWE-310: Cryptographic Issues"
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    pattern-either:
      - pattern: itsdangerous.signer.Signer(..., algorithm=itsdangerous.signer.NoneAlgorithm, ...)
      - pattern: itsdangerous.signer.Signer(..., algorithm=itsdangerous.NoneAlgorithm, ...)
      - pattern: itsdangerous.Signer(..., algorithm=itsdangerous.signer.NoneAlgorithm, ...)
      - pattern: itsdangerous.Signer(..., algorithm=itsdangerous.NoneAlgorithm, ...)
      - pattern: itsdangerous.timed.TimestampSigner(..., algorithm=itsdangerous.signer.NoneAlgorithm, ...)
      - pattern: itsdangerous.timed.TimestampSigner(..., algorithm=itsdangerous.NoneAlgorithm, ...)
      - pattern: itsdangerous.TimestampSigner(..., algorithm=itsdangerous.signer.NoneAlgorithm, ...)
      - pattern: itsdangerous.TimestampSigner(..., algorithm=itsdangerous.NoneAlgorithm, ...)
      - pattern: itsdangerous.jws.JSONWebSignatureSerializer(..., algorithm_name="none", ...)
      - pattern: itsdangerous.JSONWebSignatureSerializer(..., algorithm_name="none", ...)